Commercial organizations often use personally identified information for a variety of tasks, such as tracking customer purchase patterns, evaluating response to promotions, etc. The identification information can include highly confidential and/or personal information such as credit card numbers, customer numbers, employer names, addresses, email addresses, purchasing histories, web browsing histories, airline flight histories, and the like. In the healthcare industry, sensitive information can include health plan claims, physician identifiers, outcomes research, etc.
There has been increasing attention to responsible handling and use of such sensitive information, particularly in the healthcare industry, and industry participants, as well as Federal, State and local governments are implementing sensitive data regulations that can limit the use of personally identifying information. For example, some regulations may promote the responsible use and disclosure of data including such personally identifying information. Other regulations may permit the use of such information when the information is partially or completely de-identified (e.g., aggregated information where the granularity of the aggregation group size is above a selected threshold determined to preserve the secrecy of the sensitive information).